From 7a129a7e9cf02c24754d34bbd85f3eea0a6e388e Mon Sep 17 00:00:00 2001 From: Erik Arvstedt Date: Fri, 22 Jul 2022 14:51:31 +0200 Subject: [PATCH] docs: improve `Security Fund` documentation - Add to README - Improve wording --- README.md | 6 ++++++ SECURITY.md | 13 +++++++------ 2 files changed, 13 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index d4a8c3a..85c3baa 100644 --- a/README.md +++ b/README.md @@ -109,6 +109,12 @@ nix-bitcoin aims to achieve a high degree of security by building on the followi Note that if the machine you're deploying *from* is insecure, there is nothing nix-bitcoin can do to protect itself. +Security fund +--- +The nix-bitcoin security fund is a 2 of 3 bitcoin multisig address open for donations, used to reward +security researchers who discover vulnerabilities in nix-bitcoin or its upstream dependencies.\ +See [Security Fund](./SECURITY.md#nix-bitcoin-security-fund) for details. + Troubleshooting --- If you are having problems with nix-bitcoin check the [FAQ](docs/faq.md) or submit an issue.\ diff --git a/SECURITY.md b/SECURITY.md index f1f7dc8..8ec3485 100644 --- a/SECURITY.md +++ b/SECURITY.md 
@@ -21,17 +21,18 @@ You can import a GPG key by running the following command with that individual ## nix-bitcoin security fund -The nix-bitcoin security fund is a collection of funds held on the following 2/3 -bitcoin multisig address which is used to reward security researchers who -discover and report vulnerabilities in nix-bitcoin or its upstream dependencies. -Rewards are paid out as percentages of the total fund, rather than as fixed -amounts. - +The nix-bitcoin security fund rewards security researchers who discover and +report vulnerabilities in nix-bitcoin or its upstream dependencies.\ +It is held on a 2 of 3 bitcoin multisig address and is open for donations: ``` bc1qrpnz05n0yznaj6yw82wy8dhwuqz86s87vdlhq4cu92fus9qal25s555wsy ``` ([View balance](https://mempool.nixbitcoin.org/address/bc1qrpnz05n0yznaj6yw82wy8dhwuqz86s87vdlhq4cu92fus9qal25s555wsy)) + +Rewards are paid out as percentages of the total fund, rather than as fixed +amounts. + The nix-bitcoin developers [listed above](#reporting-a-vulnerability) each hold one key to the multisig address and collectively form the nix-bitcoin developer quorum:
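Review bot: In the README.md hunk, the added paragraph says the fund rewards researchers who "discover vulnerabilities", which drops the reporting condition that the SECURITY.md text in this same patch keeps ("discover and report vulnerabilities"). Use the same wording in both files so the README does not read as rewarding discovery alone. The new heading is "Security fund" while the link text directly below it is "Security Fund"; pick one capitalization. Linking to SECURITY.md instead of repeating the address is the right call, since it leaves a single copy of the address to maintain.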
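Review bot: In the SECURITY.md hunk, the new sentence ending "is open for donations:" invites readers to copy the address straight from this file, but nothing in the hunk tells them how to confirm the address is genuine. Consider adding one sentence that points donors to a copy of the address signed with one of the developer GPG keys that the section above this hunk refers to. The address also appears a second time inside the "View balance" URL, so the two copies have to be changed together if the multisig is ever replaced; a short comment to that effect would help future editors. The patch also writes "2 of 3" where the removed text used "2/3"; check that the rest of SECURITY.md uses the same form.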